What's That Chord Doing?'s API is built on Node/Express
- Node
- Express
- MongoDB
- Mongoose, for schema/data-validation
- Passport / Passport-JWT, for authentication
- JWT-Simple, for encoding/decoding our authentication tokens
- bcrypt.js, for password hashing before our data store
- badwords, for filtering user account names
Our backend is RESTful, consists of seven CRUD endpoints, and manages/serves account- and score-keeping-data for our app.
Authentication is with JWT, stored passwords are hashed using bcrypt.
We aggressively filter "profane" account names, because they're globally-viewable, and... who knows?